
ericargyle

Everything posted by ericargyle

  1. Hello, I am currently running a multi-site Windows 2008 R2 functional level domain between 2 sites. I have Sites and Services separated by subnets (172.17.0.0) and (172.16.0.0) and replication all works properly. This design works great to keep things local that should stay local, and to ensure policy goes to proper site. DNS is ADI. Clients point to local site DNS first, secondary site DNS second. Is there a way that I can ensure that if Site A's DCs are downed completely, we cross campus to Site B? Will this simply work with my current design, pointing to second site's DNS, which references all DCs? To be fair, I haven't pulled a DC down to test, and it might work already, but since Server 2008 R2 won't broadcast its services over the WAN link, I'm not certain. Thanks, let me know if you need any more info. Eric
  2. Cluberti, thanks for the reply. I am using DFS-R. I did manage to fix SYSVOL replication by setting DC1 as authoritative and DC2 as non-authoritative, and pushing DC2 to DC1 as the parent computer. However, DNS, which is fully ADI, seems to be replicating only from DC1 to DC2, and not vice versa. I'm wondering if you have any suggestions for that?
  3. Thanks Allen. Unfortunately that is mainly dealing with FRS. Mine's 2008 functional, DFSR through and through. I think I should ADSIEdit to make DC1 primary DFSR point. Then I should non-authoritative restore DC2 DFSR. Does that sound about right? Thanks as always Allen. Not the first time you've helped me.
  4. repadmin runs clean as well.

     C:\Windows\system32>repadmin /showrepl
     Repadmin: running command /showrepl against full DC localhost
     East\DC1
     DSA Options: IS_GC
     Site Options: (none)
     DSA object GUID: b90d4c8c-fde8-439f-82aa-50d5c8022040
     DSA invocationID: 2dc9628e-4f4b-40da-b567-2fa6a1a9f9ce

     ==== INBOUND NEIGHBORS ======================================

     DC=leyden,DC=local
         West\DC2 via RPC
             DSA object GUID: 56afd570-f325-4bf5-a05a-b7762ef5ff19
             Last attempt @ 2011-06-17 10:06:11 was successful.

     CN=Configuration,DC=leyden,DC=local
         West\DC2 via RPC
             DSA object GUID: 56afd570-f325-4bf5-a05a-b7762ef5ff19
             Last attempt @ 2011-06-17 10:06:11 was successful.

     CN=Schema,CN=Configuration,DC=leyden,DC=local
         West\DC2 via RPC
             DSA object GUID: 56afd570-f325-4bf5-a05a-b7762ef5ff19
             Last attempt @ 2011-06-17 10:06:11 was successful.

     DC=DomainDnsZones,DC=leyden,DC=local
         West\DC2 via RPC
             DSA object GUID: 56afd570-f325-4bf5-a05a-b7762ef5ff19
             Last attempt @ 2011-06-17 10:06:11 was successful.

     DC=ForestDnsZones,DC=leyden,DC=local
         West\DC2 via RPC
             DSA object GUID: 56afd570-f325-4bf5-a05a-b7762ef5ff19
             Last attempt @ 2011-06-17 10:06:11 was successful.
  5. PREFACE: I recently had to restore an image of our 2 DCs due to a DNS issue we were having. I restored from the previous night prior to the issue. The restore went cleanly. However, since then, GPOs have not replicated. SYSVOL is replicating. Login scripts have transferred over. Policies are not. Domain policies are not replicating from DC1 to DC2 in my ADI domain. DNS is clean. Clients are able to log in, new clients are able to join the domain, and authenticate cleanly at each site. DNS updates dynamically for my clients. DFSR throws no errors, and communicates cleanly, even mapping drives over the WAN. It's 2008 R2 entirely, so FSR is not running, that fix won't work in my world. I have rebooted DC2 (which is having the issues), have pushed over with sites and services, and have checked DC2 for DFSR errors. Latest info on DC2: The DFS Replication service successfully established an inbound connection with partner DC1 for replication group Domain System Volume. To me, this would allow group policy objects to make the jump. No AV, no firewall running. I'm running out of ideas. Any help appreciated.
  6. Root of drive is DEPT. In drive is MATH, ART, and READING. I want members of said groups to have modify rights on all contents in the folder, but not delete the folder itself. I've tried giving DENY rights on DEPT for THIS FOLDER ONLY and applying the special permission DELETE SUBFOLDERS AND FILES. I figured this would take precedence over a potential delete, but doesn't seem to do so. Even with the rule, users can still delete the folder. What is the proper way to accomplish this? Hopefully this post makes sense.
  7. Thanks Allen. The issue was Domain Admins were in the local admins group, administrators on the domain were not. I pushed it out with Restricted Groups and that did the trick for affected users.
  8. Besides the usual stuff... pointing to local WSUS server with updates defined, setting power saving, pointing to internal AV defs servers, making certain users local admins, and pushing Office and AV to all workstations... what else is in your default group policy on your domain(s)? I'm not a fan of pushing frequently updated apps, or limiting my users' experience to a fault, but I'm curious of any tweaks or policy that's good to push either to a group of users, machines, etc. Let me know! Thanks guys.
  9. I ran net user username \domain. The funny thing is that it tells me I'm a member of the local group: administrators. However, I have no access to control panel, or installing apps, etc. Any help would be great.
  10. Ever hear of domain admin rights not propagating to the user at the workstation level when logged in? No changes have been made to default domain policy. Seems to have occurred out of nowhere. Any suggestions on how to fix this? Clearly the joined domain machine recognizes the domain user and authenticates. However, rights do not push. Any help would be excellent. Of note, it seems to be any new users I create in AD. Previously created admins do pull appropriate rights on logged in workstations. Also, this is consistent on Win7 and WinXP clients. Thanks guys.
  11. Thanks Cluberti. I really, desperately would have loved them to be on the same domain, i.e. campus.local, but how do I dictate different physical workstations to connect to the appropriate DC? Ideally, someone at West should authenticate and pull DHCP from West DC, and East should authenticate and pull DHCP from East DC. Only reason this even matters is because the gateway will be different to get out. Otherwise, I'm open to design ideas you can point me to, or explain in greater detail. Thanks again.
  12. Cheers Allen. One more question, because I don't want to change the subnet in the middle of the year, what about keeping it at 172.17.6.2 to 172.17.15.250? Will that work?
  13. Hey guys, Can you verify my proposed install? I am replacing ancient Novell Netware servers with Windows Server 2008 R2 DCs and FileServers. My environment consists of two campuses with a 100MB Opt-e-man link between them. I have already pieced out file structure and permissions for user data, I am now in the process of planning the actual introduction of the new servers. The servers are all HP. Each campus has a DL360 and a DL370 x5660 with 36GB RAM. I would like to set up the DC as east-dc.local and east-fs.local. I will be running DHCP on this as a class B, and my scope will be 172.17.6.2 to 172.17.30.254 255.255.240.0 subnet. DNS will also be running locally. Currently all DHCP and DNS is being done through the Sonicwall. I know, it's unfortunate. I inherited this. Secondly I would like to set up a DC as west-dc.local and west-fs.local. I will be running DHCP on this as a class B, and my scope will be 172.16.6.2 to 172.16.30.254 255.255.240.0 subnet. File servers at both campuses will be configured as vanilla file servers on server-core. Shares will be made per user per campus. On the East AD, I'm going to structure the AD so that it looks like this: East (top level OU), Staff (under East), Students (under East), and Teachers (under East). West (top level OU), Staff (under West), Students (under West), and Teachers (under West). I do this per school to make sure shares are created at the desired physical location. I'm going to set up AD Replication between the 2 DCs, however, they will not be primary and secondary, they will still be their own individual DCs, as I don't want cross campus authentication, however, I do want them to be able to log in when at the opposite school. This should do that cleanly, while only mapping their minimal data home directories cross campus. Scripts are written for all users, and templates are set up. Printers will be added post clean install and user testing.
There are additional, less Windows Server specific things, like print auditing, and some WSUS I'll set up later. From an onlooker's perspective, does that all look like it will work cleanly? Anything to keep in consideration? Thanks.
  14. Buy this product. I can vouch for it. I have it as an AP client to a Linksys N router. I have that in the living room, uplinked to a switch; and then I plug in the media pc, and the tv (internet connected) to it, and they all pull DHCP from the original router. Works a trick, can get it all for about 35 bucks. http://www.newegg.com/Product/Product.aspx?Item=N82E16833180035 Looks deactivated now, but ebay it, or google shop for it.
  15. Question, currently our network has a DHCP scope of 172.17.6.2 to 172.17.9.250. I would like to expand it to 172.17.6.2 to 172.17.30.250. Is this possible? Just double-checking before expansion.
  16. Hello all. Does anyone know of a database server application that will let me create a database larger than 4GB or 10GB? I know the cap for SQL Server Express 2005 (what I'm currently using) is 4GB and I believe the cap for SQL Server Express 2010 is 10GB, but I have a large scale migration that requires the database hovers around 50GB? Does SQL Server 2008 R2 180-day trial have any of these limitations? Thanks so much for the help. It is appreciated.
  17. I'm working on a data migration using a SQL Server Express 2005 install, and a MIGRATE database on an external drive. From my testing I've been working with at MOST 2GB of data. For this, tempdb, the working database which resides on my fastest drive, is doing all the legwork and then handing off the finished product to my external drive for storage once it does its thing. My question is, when I'm working with 100GB of data for a proper migration, will tempdb write off the data to the larger drive throughout the process? The drive it's working with is a 64GB SSD, and I fear it will fill up throughout the process. As it is, I have not tried to relocate the tempdb. I thought by default it would be smart enough to write off the data to my proper database on the external drive if it got too big during the migration. Can anyone tell me if this is true? Or should I move my tempdb to the external drive as well? Pardon my ignorance, I am an Oracle DB guy, but it's been a few years since I've worked with SQL Server 05. Thanks.
  18. Thanks so much, always a great help! I guess you're right. The routes between campuses are already set up, and since it's basically 2 distinct campuses with some traveling staff and students, I should simply create 2 DCs, and then have them change login domain on startup if they're not at their native school. There's really no need to do it at the district level. At this point, if they're choosing campus at login, is there even a need to replicate AD, or should I keep that separate as well?
  19. Hey guys. I'm working with a school that I previously set up with a Server 08 R2 DC that hosts AD, runs DHCP, DNS, and the show. It works brilliantly, users are able to login, shares push properly, scripts are delivered, I've had no issues. However, seeing how well this implementation has gone, the secondary campus is looking to join the show and wants their own file server in house. The two campuses are physically connected, Cisco routers on each end. I simply haven't dealt with multiple trees and forests in a bit, so some basic answers to some questions would help me out. For simplicity's sake, let's say that the current DC running AD at the initial Campus is called "CAMPUS". I want to rename this to CAMPUSNORTH, and I want the additional AD tree to be called CAMPUSSOUTH, however, I want them both under the guise of the district domain, e.g. DIST999. Can I create a forest called DIST999, and have CAMPUSNORTH and CAMPUSSOUTH under them? AD on CAMPUSSOUTH will be dcpromo'd as secondary to the new campus, and theoretically, all users will simply login to DIST999, but for speed's sake, the files per campus will be pushed appropriately (I can do this with scripts, no help needed) from the campus they're native to. Is there a "right" way to do this, and steps I should bear in mind while making the additional AD at the second campus? I can hack it together, but I'd like to do it with best practices in mind. Thoughts would be greatly appreciated.
  20. I'm currently running AD for a school. I have 2 OUs, very basic, staff and students. Staff has shares on STAFF_FS, and students have shares on STUDENT_FS. I have created a script that creates the directories, shares them out, adds the users to AD with login scripts, passwords, and home directories mapped, and then sets permissions per user for that share. The problem is, there are several steps involved, and I'm looking to spend a few bucks to make this as hassle free as I can; which will also allow a secretary to take over some of the activities of adding students. The tool should interface with AD, ask me some details about standard location of shares for different types of users, and otherwise be fairly painless to manipulate user data after that. Any suggestions you all can throw out? Thanks very much in advance.
  21. I'm running a Cisco 4400 controller with 50 APs (for wireless) with an NSA 240 Sonicwall (content filtering, and antivirus), and a Server 2003 R2 server running AD, DHCP, and DNS on the back end. Currently, I have LDAP SSO set up on the Sonicwall, and this works perfectly. Student logs in, one set of rules, teachers log in, there's another. However, I really want to find a way to push out the SSID password without having to enter it in manually into every machine. I know I can build this into the image, and I realize that, but I would really like to change our SSID password more frequently, so being able to deploy the password to an authenticated user would be beneficial. My dream: User comes in with a laptop. I join them to our domain, and they log in (wired) to our network. Once they log in and are authenticated to our server, they pull the wireless password automatically, and they're now mobile. All I had to do was join the user, everything else is automatic. If anyone can offer a suggestion on how to set this up, or point me in the right direction, that would be extremely helpful. Thanks much.
  22. One of my biggest headaches in previous years has been finding a solution to push out the wireless password for our org via group policy. Granted, this was with Windows Server 2003 and XP Clients, but I'm wondering if it's still as difficult. We currently have a Cisco 4400 Controller with 50 APs, all talking to the same SSID. Previously, I'd have to set up authentication, manage a RADIUS server, all that good stuff. This worked, but was painful, and overkill for what we were trying to accomplish. In 2008 R2 Group Policy with 7 clients, is this easier? Can I simply do a basic, "If this SSID is in range, assign it this password" (pushed out encrypted, obviously) policy? If so, can anyone point me to a KB, I'm having trouble finding the starting point on this. Thanks much.
  23. I am setting up new infrastructure for a school in our town. They are currently Mac-only with an XServe running the show. The school is a bit different than everything I've worked with in the past as there are two schools that are remotely apart (3 miles away). Each school has its own XServe and its own ISP currently, and as I'm moving to Windows 2008 R2 at each site, with Windows 7 machines as clients, what is the best way to replicate AD, and to have everything just talk to each other? Any VPN product you can recommend? Any better ways? Thanks for your help guys.
  24. I'm currently using ImageX to blast out system-specific WIM images to add to my WDS server. This works beautifully, however, my employees need to manually change the hostname and rejoin to the domain before having a working system. Is there a simple way for me to strip out the hostname during or prior to the ImageX blast? Is there a sysprep switch I can run in PE that will ONLY remove the hostname and prompt for a hostname after deployment of each new system? Thanks so much for your help.
  25. Currently fighting with WDS autounattend.xml file
